Remote Automation Solutions Guide: Security Group Privileges Reference Guide-OpenEnterprise v2.83 Manuals & Guides
Reference Guide
D301531X412
April 2012
OpenEnterprise Security Group
Privileges Reference Guide (V2.83)
Remote Automation Solutions
Website: www.EmersonProcess.com/Remote
Reference Guide
D301531X412
APRIL 2012
Security Group Privileges
Contents
1 Security Group Privileges Editor...........................................................................................1
1.1 Security Group Privileges Overview ...................................................................................1
1.2 Main Dialog .........................................................................................................................1
1.2.1 Table and View Groups................................................................................................2
1.2.2 Tables and Views.........................................................................................................2
1.2.3 Assigning Privileges .....................................................................................................2
1.2.4 Changed Privileges ......................................................................................................3
1.2.5 User Groups .................................................................................................................3
1.2.6 Creating User Groups...................................................................................................3
1.2.6.1 Administrators ........................................................................................................3
1.2.6.2 Engineers...............................................................................................................3
1.2.6.3 Operators ...............................................................................................................3
1.2.6.4 Dispatchers ............................................................................................................4
1.2.6.5 Guests....................................................................................................................4
1.2.7 OK.................................................................................................................................4
1.2.8 Cancel...........................................................................................................................4
1.2.9 Apply.............................................................................................................................4
1.2.10 Refresh......................................................................................................................4
1.2.11 Undo..........................................................................................................................4
1.2.12 Help...........................................................................................................................4
1.3 Main Dialog Menu...............................................................................................................4
1.3.1 File................................................................................................................................5
1.3.2 Edit................................................................................................................................5
1.3.3 View..............................................................................................................................5
1.3.4 Security.........................................................................................................................5
1.3.5 Tools.............................................................................................................................5
1.3.6 Help Menu ....................................................................................................................6
1.4 SQL Batches Dialog............................................................................................................6
1.4.1 Toggle Batch Operation................................................................................................6
1.4.2 SQL Batch Size ............................................................................................................6
1.4.3 Delay Between Batches ...............................................................................................6
1.4.4 OK.................................................................................................................................7
1.4.5 Cancel...........................................................................................................................7
1.4.6 Help ..............................................................................................................................7
1.5 SQL Execution Dialog.........................................................................................................7
1.5.1 Batch Processing Pane................................................................................................7
1.5.2 Batch Progress Bar ......................................................................................................8
1.5.3 Cancel - Close..............................................................................................................8
1.5.4 SQL Errors....................................................................................................................8
2 Index .......................................................................................................................................10
- i -
Reference Guide
D301531X412
APRIL 2012
Security Group Privileges
1 Security Group Privileges Editor
1.1 Security Group Privileges Overview
The Security Group Privileges Editor enables Administrative users to set table or view privileges for
User Groups.
Table and View privileges consist of: -
1. None - users who belong to the Group cannot view or change any of the data in the table or
view
2. RO (Read-Only) - users who belong to the Group can view the data in the table or view, but
cannot change it.
3. RW (Read-Write) - users who belong to the Group can view and change the data within the
table or view. This includes modification, insertion and deletion of objects.
Once table and view privileges are set up for each User Group, it is a simple matter of assigning each
user to the appropriate Group, and the user gets the database privileges required to do their job.
It is important to remember that only views contain access area security, such that a user can only
view objects within a table that belong to the access areas assigned to them. Giving a user RW or RO
privileges on the corresponding table will give the user access to all objects within the table.
Main Page
1.2 Main Dialog
The Security Group Privileges Editor enables Administrative users to set table or view privileges for
User Groups. The Main Dialog is a grid of table groups (vertical) and user groups (horizontal). Table s
and views are grouped into functional areas for greater clarity. Click the hotspots* on the example
below for further help.
- 1 -
Reference Guide
D301531X412
APRIL 2012
Security Group Privileges
SQL Batches Page
Security Group Privileges Overview
1.2.1 Table and View Groups
In order to avoid confusion, the more important tables and views have been group together according
to functionality. Each group is coloured grey, and has a plus sign to the left of it when not expanded -
.
When the plus sign is selected, the group expands to reveal the tables and views beneath it. The plus
sign then becomes a minus sign -
to indicate that the Group is expanded.
1.2.2 Tables and Views
Tables and views are displayed with a light blue background. They are grouped according to
functionality, and are slightly inset from the table and view groups under which they reside. They have
no minus or plus sign to the left of them, since they cannot be expanded themselves.
Tables can be largely identified by the presence of an underline in the name (i.e. realanalog_table,
dvi_device). Views have no underline (i.e. realanalog), except for the users table. It is important to
grant privileges on the views only for non-administrative users, since the views contain the
accessarea security that restri cts the viewing of objects according to accessarea.
1.2.3 Assigning Privileges
When you select a cell that defines a privilege for a User group, a drop-down list will appear.
- 2 -
Reference Guide
D301531X412
APRIL 2012
The list gives you the option of assigning no privileges (None), read-only privileges (RO) or read-write
privileges (RW) on that table or view to the User group.
If you assign privileges to a table group, the privileges will be assigned to all of the tables and views
under the group.
Security Group Privileges
1.2.4 Changed Privileges
When privileges are changed during a session with the Security Group Privileges editor, the cell with
the changed privilege has its background color changed -
a glance what has been changed during the session, and adjust it if not required by selectin g the
[Undo] or [Refresh] button.
If a table or view within a group is changed, the group cell changes color also to indicate that one of
the tables or views under it has changed.
. This enables you to see at
1.2.5 User Groups
User groups are displayed as columns across the top of the Main Dialog. If no user groups have been
created, the Security Group Privileges Editor provides a message saying that no user groups have
been configured, and it does not open.
User groups can be created when building the database using the Database Project Builder, or they
can be created at a later stage using the Security Configuration tool or by using the SQL Client. For
more information on using the SQL Client see the Creating User Groups page in this help file.
1.2.6 Creating User Groups
If you use the Database Project Builder (DPB) to build your database, you will have been given the
opportunity to create a set of default user groups already.
However, if you did not use the DPB, you can include the SQL script file that is used by the DPB to
add the groups. Open the SQL Client (Start>Programs>OpenEnterprise>Database>SQL is the default
link), and type include 'defaultgroups';.
If you have maximum access privileges assigned to the PUBLIC user, these will need to be revoked
with revoke all on <tablename> from PUBLIC;. Then minimum access can be granted by typing
include 'grantminimum'; into the SQL Client.
The default user groups are :
1.2.6.1 Administrators
Administrators have un
1.2.6.2 Engineers
Enginee
privileges of other users.
1.2.6.3 Operators
Operators are expecte
Workstation configuration but no Server configuration.
rs need configuration acess to all system features except those related to controlling security
restricted access to all OpenEnterprise functionality.
d to be able to change set points, acknowledge alarms and perform basic
- 3 -
Reference Guide
D301531X412
APRIL 2012
1.2.6.4 Dispatchers
Security Group Privileges
Dispatchers require re
acknowledge alarms. They are not required to change set points.
1.2.6.5 Guests
sts are only given read-only access. They can view data but cannot acknowledge alarms or
Gue
change set points.
Main Page
ad-only access to all operational and process data and the ability to
1.2.7 OK
Selection of this button closes the Security Group Privileges Editor. Any configuration changes made
will be submitted to the database before closing and the SQL Execution Dialog will be shown first.
When the Close button is selected from the SQL Execution Diaog, the Security Group Privileges
Editor will be closed also.
1.2.8 Cancel
Selection of this button closes the dialog. Any configuration changes made will be ignored.
1.2.9 Apply
Selection of this button will cause any configuration changes made to be submitted to the database.
The SQL Batches Dialog will be shown. When all SQL Batches have been submitted to the database,
and the SQL Batches Dialog is closed, you will be returned to the Main Dialog, and may continue with
further configuration. Any pink cells indicating changes made will now be returned to their default
color (i.e. grey for table groups and light blue for tables and views).
1.2.10 Refresh
Refreshes the whole grid display on the Main Dialog. All changed cells will be returne d to the value
they had when the Security Group Privileges Editor last read the database, and their color will return
to the default (i.e. grey for table/view groups and light blue for the tables or views themselves).
Use this when you want to get rid of all changes made and start from scratch. If you only want to
undo the last few changes, use the [Undo] button.
1.2.11 Undo
Enables you to undo changes made on the grid in reverse order one at a time. For instance, if you
make three separate changes, then decide to keep only the first change, click this button two times.
1.2.12 Help
This button will open the help file at the correct page. Context sensitive help can also be accessed
when on this dialog by pressing the [F1] key on your keyboard.
1.3 Main Dialog Menu
The Main Menu consists of File, Edit, View, Security and Help options. Click the hotspots* on the
example below for further help.
- 4 -
Reference Guide
D301531X412
APRIL 2012
Main Page
Security Group Privileges
1.3.1 File
The File menu only has one option - Exit. Selecting this Exits the Security Group Privileges Editor.
Any changes made on the grid will be ignored.
1.3.2 Edit
The Edit menu has a single option - Undo. It acts the same way as the [Undo] button. It is not active
until a change is made on the grid. Then it becomes active and selecting it will undo the change just
made. It is capable, like the [Undo] button of undoing several previous changes in reverse
chronological order.
1.3.3 View
The View menu has one option - Refresh. This acts in the same way as the [Refresh] button. When
selected, it will undo all changes that have been made on the grid.
1.3.4 Security
The Security menu item provides options for re-setting database privileges to an Open or Secure
setting.
• Secure Access - highest security access, such that a newly created user would automatically
only have access to view signal and alarm data, but could not change any values.
• Open Access - lowest security access, such that a newly created user would automatically
have Read-Write access to all tables.
1.3.5 Tools
The Tools menu has one option - Options.... This provides access to the SQL Batches Dialog, which
enables configuration of SQL statements in various sized batches. This can be useful when making
large changes to reduce strain on the database.
- 5 -
Reference Guide
D301531X412
APRIL 2012
Security Group Privileges
1.3.6 Help Menu
The Help menu has two options - Contents and About. The Contents optio n opens this help file. The
About option opens the About box, which provides contact information and information about the
version an build of OpenEnterprise that you are using.
1.4 SQL Batches Dialog
The SQL Batches Dialog enables you to configure how the Security Group Privileges Editor runs the
SQL statements required for making changes in the database. The default settings are that SQL
statements will be sent in batches, the batch size being 10 statements, and the delay between
batches is 1 second. Click the hotspots* on the example below for further help.
Main Page
1.4.1 Toggle Batch Operation
The use of batches can be disabled by un-checking this box. Changing table security privileges can
be a database intensive operation, which is why batch operation is enabled by default.
1.4.2 SQL Batch Size
The number of SQL statements to perform per batch. The default setting is 10. The smaller this
number is, the less strain there will be on the database, but the whole operation will take longer.
1.4.3 Delay Between Batches
The delay between batch processing in seconds. The default setting is 1 second. To ease the strain
on the database, set this to a higher figure.
- 6 -
Reference Guide
D301531X412
APRIL 2012
Security Group Privileges
1.4.4 OK
When this button is selected, the SQL Batches dialog will close. Any Batch configuration changes will
be saved before closing.
1.4.5 Cancel
Selection of this button closes the dialog. Any configuration changes made will be ignored.
1.4.6 Help
This button will open the help file at the correct page. Context sensitive help can also be accessed
when on this dialog by pressing the [F1] key on your keyboard.
1.5 SQL Execution Dialog
The SQL Batches Dialog displays the SQL commands that are submitted to the database by the
Security Group Privileges Editor based on any changes made on the grid. The SQL Batches dialog
will inform you of any batches that failed. Click the hotspots* on the example below for further help.
Main Page
1.5.1 Batch Processing Pane
The Batch Processing pane informs you of progress in making the changes to user g roup privileges
based on the changes made on the grid of the Main Dialog.
If an error is encountered, a message box is displayed explaining the error, asking if you want to
continue with the rest of the updates.
- 7 -
Reference Guide
D301531X412
APRIL 2012
Security Group Privileges
1.5.2 Batch Progress Bar
The bar turns blue as processing of the SQL statements to write Group Security configuration
changes to the database progresses. During this process, you can cancel the process by clicking on
the [Cancel] button. When the bar reaches its full length, the configuration changes are complete,
and the [Cancel] button is changed to a [Close] button.
1.5.3 Cancel - Close
During the process of writing Group Privileges to the database, you can cance l the process by
clicking on the [Cancel] button. When the process is complete, [Cancel] button is changed to a
[Close] button. Click the [Close] button to close the SQL Execution Dialog.
1.5.4 SQL Errors
If an error is encountered whilst sending SQL statements to the database, a message box is
displayed informing you of the error, and giving you the option of continuing or not.
If you select the [Yes] button, the Security Group Privileges Editor will continue processing the SQL
statements until the rest of the statements have been sent to the database. One failed statement will
not stop the rest of the processing. If you select the [No] button, no more statements will be sent to
the database. Successful statements sent up until that time will be committed to the database.
The Batch Processing pane will also show the errors that were encountered:
- 8 -
Reference Guide
D301531X412
APRIL 2012
SQL Execution Dialog
Security Group Privileges
- 9 -
Reference Guide
D301531X412
APRIL 2012
2 Index
1
A
Apply ..................................................................6
Assigning Privileges........................................... 4
B
Batch Processing Pane...................................... 9
Batch Progress Bar............................................ 9
C
Cancel............................................................ 6, 9
Changed Privileges............................................ 5
Close.................................................................. 9
Creating User Groups........................................ 5
Security Group Privileges
OK.......................................................................6
R
Refresh ...............................................................6
S
Security...............................................................7
Security Group Privileges Overview...................3
SQL Batch Size...................................................8
SQL Batches OK.................................................8
SQL Batches Page .............................................8
SQL Errors........................................................10
SQL Execution Dialog.........................................9
D
Delay Between Batches..................................... 8
E
Edit..................................................................... 7
H
Help................................................................ 6, 9
Help Menu.......................................................... 8
M
Main Dialog Menu.............................................. 6
Main Page.......................................................... 3
O
T
Table...................................................................4
Toggle Batch Operation......................................8
Tools...................................................................7
U
Undo ...................................................................6
User Groups........................................................5
V
View ................................................................4, 7
View Groups .......................................................4
- 10 -
Reference Guide
D301531X412
APRIL 2012
DISCLAIMER
Bristol, Inc., Bristol Babcock Ltd, Bristol Canada, BBI SA de CV and the Flow Computer Division , are wholly owned subsidiaries of Emerson Electric Co. doing business
as Remote Automation Solutions (“RAS”), a division of Emerson Process Management. ROC, FloBoss, ROCLINK, Bristol, Bristol Babcock, ControlWave, TeleFlow and
Helicoid are trademarks of RAS. AMS, PlantWeb and the PlantWeb logo are marks of Emerson Electric Co. The Emerson logo is a trademark and service mark of the
Emerson Electric Co. All other marks are property of their respective owners.
The contents of this publication are presented for informational purposes only. While every effort has been made to ensure informational accuracy, they are not to be
construed as warranties or guarantees, express or implied, regarding the products or services described herein or their use or applicability. RAS reserves the right to
modify or improve the designs or specifications of such products at any time without notice. All sales are governed by RAS’ terms and conditions which are available upon
request. RAS does not assume responsibility for the selection, use or ma intenance of any product. Responsibility for proper selection, use and maintenance of any RAS
product remains solely with the purchaser and end-user.
Engineered and supported by:
Remote Automation Solutions,
Blackpole Road, Worcester, WR3 8YB, UK
Registered office: Meridian East, Leicester, LE19 1UX
Registered in England and Wales, Registration No. 00671801
VAT Reg No. GB 705 353 652
Emerson Process Management
Remote Automation Solutions
1100 Buckingham St
Watertown, CT 06795
T 1 (860) 945 2200
F 1 (860) 945 2278
www.EmersonProcess.com/Remote
binfo@EmersonProcess.com
© 2001-2012 Remote Automation Solutions, division of Emerson Process Management. All rights
reserved.
Emerson Process Management
Remote Automation Solutions
Blackpole Road
Worcester, WR3 8YB
T 44 (0) 1905 856848
F 44 (0) 1905 856930
www.EmersonProcess.com/Remote
oedsupport@EmersonProcess.com
Loading...